CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks.
Ivanti EPM is an all-in-one endpoint management solution that helps admins manage client devices on various platforms, including Windows, macOS, Chrome OS, and IoT operating systems.
Tracked as CVE-2024-29824, this SQL injection vulnerability in Ivanti EPM's Core server can be exploited by unauthenticated attackers within the same network to execute arbitrary code on unpatched systems.
Ivanti released security updates to patch this security flaw in May, when it also addressed five other remote code execution bugs in EPM's Core server, all impacting Ivanti EPM 2022 SU5 and prior.
Horizon3.ai security researchers published a CVE-2024-29824 deep dive in June and released a proof-of-concept exploit on GitHub that can be used to "blindly execute commands on vulnerable Ivanti EPM appliances."
They also advised admins looking for signs of potential exploitation on their appliances to review MS SQL logs for evidence of xp_cmdshell being used to obtain command execution.
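As an added example of the log review Horizon3.ai recommends (not code from the article, Ivanti or Horizon3.ai): a Python scanner that flags xp_cmdshell being switched on through sp_configure and then invoked, run over constructed SQL Server log lines whose format is assumed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in the shape of SQL Server log entries
# (ERRORLOG-style configuration messages plus audited statement text).
# Format and content are assumed for illustration; not real Ivanti EPM logs.
SAMPLE_LOG = """\
2024-06-03 10:12:01.11 spid52 Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-06-03 10:12:01.14 spid52 Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-06-03 10:12:02.02 spid52 Statement: EXEC master..XP_CMDSHELL 'whoami'
2024-06-03 10:15:40.77 spid60 Login succeeded for user 'EPM_Service'. Connection made using Windows authentication.
2024-06-03 10:16:05.30 spid61 Statement: SELECT name FROM sys.tables
"""

@dataclass
class Finding:
    line_no: int
    kind: str   # "precursor", "enabled" or "executed"
    text: str

# sp_configure logs one line per option change; xp_cmdshell cannot be enabled
# until 'show advanced options' is on, so that change is a useful precursor.
PRECURSOR_RE = re.compile(r"option 'show advanced options' changed from \d+ to 1", re.I)
ENABLED_RE = re.compile(r"option 'xp_cmdshell' changed from \d+ to 1", re.I)
EXECUTED_RE = re.compile(r"\bxp_cmdshell\b", re.I)

def scan_mssql_log(text: str) -> list:
    """Return every line that shows xp_cmdshell being prepared, enabled or run."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if PRECURSOR_RE.search(line):
            findings.append(Finding(n, "precursor", line.strip()))
        elif ENABLED_RE.search(line):
            findings.append(Finding(n, "enabled", line.strip()))
        elif EXECUTED_RE.search(line):
            findings.append(Finding(n, "executed", line.strip()))
    return findings

def xp_cmdshell_chain(findings: list) -> bool:
    """True when the log shows xp_cmdshell enabled and later executed, the
    trace left when SQL injection is turned into OS command execution."""
    enabled_at = [f.line_no for f in findings if f.kind == "enabled"]
    executed_at = [f.line_no for f in findings if f.kind == "executed"]
    return bool(enabled_at) and any(e > min(enabled_at) for e in executed_at)

if __name__ == "__main__":
    hits = scan_mssql_log(SAMPLE_LOG)
    for f in hits:
        print(f"line {f.line_no}: {f.kind}: {f.text}")
    print("xp_cmdshell enable-then-execute chain:", xp_cmdshell_chain(hits))
```

Legitimate administration can also enable xp_cmdshell, so a hit is a lead to check against change records and the EPM service account's expected activity, not proof of compromise on its own.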
Today, Ivanti updated the original security advisory to state that it "has confirmed exploitation of CVE-2024-29824 in the wild."
"At the time of this update, we are aware of a limited number of customers who have been exploited," the company added.
Federal agencies ordered to patch within three weeks
On Tuesday, CISA followed suit and added the Ivanti EPM RCE flaw to its Known Exploited Vulnerabilities catalog, tagging it as actively exploited.
Federal Civilian Executive Branch (FCEB) agencies now have to secure vulnerable appliances within three weeks, by October 23, as required by Binding Operational Directive (BOD) 22-01.
While CISA's KEV catalog is primarily designed to alert federal agencies of vulnerabilities they should patch as soon as possible, organizations worldwide should also prioritize patching this vulnerability to block ongoing attacks.
Multiple Ivanti vulnerabilities have been exploited as zero-day flaws in widespread attacks in recent months, targeting the company's VPN appliances and ICS, IPS, and ZTA gateways.
Last month, Ivanti warned that threat actors were chaining two recently fixed Cloud Services Appliance (CSA) vulnerabilities to attack unpatched appliances.
In response, Ivanti announced in September that it is working to improve its responsible disclosure process and testing capabilities to address such security threats more quickly.
Ivanti partners with over 7,000 organizations to deliver system and IT asset management solutions to more than 40,000 companies globally.